private cloud for collaboration and e-learning...

Computing (2011) 91:23–42DOI 10.1007/s00607-010-0106-z

Private cloud for collaboration and e-Learning services:from IaaS to SaaS

Frank Doelitzscher · Anthony Sulistio ·Christoph Reich · Hendrik Kuijs · David Wolf

Received: 15 February 2010 / Accepted: 2 July 2010 / Published online: 30 July 2010© Springer-Verlag 2010

Abstract The idea behind cloud computing is to deliver Infrastructure-, Platform-and Software-as-a-Service (IaaS, PaaS and SaaS) over the Internet on an easy pay-per-use business model. The Hochschule Furtwangen University (HFU) is runningtheir own private cloud infrastructure, called Cloud Infrastructure and ApplicationCloudIA. The targeted users of the CloudIA project are HFU staff and students runninge-Learning applications, and external people for collaboration purposes. Therefore, inthis paper, we introduce our work in building a private cloud. More specifically, thispaper shows how our cloud offerings in each of the cloud service models, i.e. IaaS,PaaS and SaaS, address the requirements and needs of e-Learning and collaborationin an university environment.

Keywords Cloud computing · Dynamic VM creation · Shibboleth · PaaS ·e-Learning

Mathematics Subject Classification (2000) 68M14 · 68M20

Communicated by S. Dustdar.

F. Doelitzscher (B) · A. Sulistio · D. WolfDepartment of Computer Science, Hochschule Furtwangen University, Furtwangen, Germanye-mail: [email protected]

A. Sulistioe-mail: [email protected]

D. Wolfe-mail: [email protected]

C. Reich · H. KuijsInformation and Media Centre, Hochschule Furtwangen University, Furtwangen, Germanye-mail: [email protected]

H. Kuijse-mail: [email protected]

123

24 F. Doelitzscher et al.

1 Introduction

Although cloud computing is becoming very popular, it is difficult to get a clear defi-nition of it. The key of cloud computing lies in its component-based nature, i.e. reus-ability, substitutability (e.g. alternative implementations, specialized interfaces andruntime component replacements), extensibility, customizability and scalability [1].Foster et al. [2] discuss the basic concepts of cloud computing and identify the dif-ferences compared to Grid computing. In addition, Armbrust et al. [3] give a goodoverview of cloud computing by highlighting some of the obstacles and opportunitiesin the field.

From our point of view, cloud computing delivers Infrastructure-, Platform-, andSoftware as a Service (IaaS, PaaS, and SaaS) on a simple pay-per-use basis. For small-and medium-sized enterprises (SMEs), cloud computing enables them to avoid over-provisioning IT infrastructure and training personnel. Thus, SMEs can take advantageof using a cloud when the IT capacity needs to be modified on the fly. Typically, moreresources are needed for services that are available only for a certain period. For exam-ple, AF83, a company specializing in social networking and live web solutions, usedAmazon IT infrastructure to deliver a live concert via the Web and mobile devices[4]. The concert attracted 7,000 simultaneous users. By using cloud computing, AF83avoided purchasing new hardware for this special event, and delivered a successfulevent in a short amount of time.

For companies with large IT infrastructure, such as Amazon and Google, becominga cloud provider allowed them to offer their resources to SMEs based on pay-as-you-goand subscription models, respectively. Because not all services require full resourcesat the same time for a long periods of time, these companies can still use and leasetheir existing infrastructure with a relatively small cost. Hence, they can reduce thetotal cost of ownership (TCO) and increase hardware utilization [3].

In a typical university scenario, PC labs and servers are under-utilized during thenight and semester breaks. In addition, these resources are on high demand mainlytowards the end of a semester. Moreover, cloud computing can also be used to sup-port e-Learning services [1,5,6]. With the aforementioned motivations and scenarios,the Hochschule Furtwangen University (HFU) acknowledged the potential benefits ofcloud computing. As a result, HFU established a new project called Cloud Infrastruc-ture and Application (CloudIA).

The targeted users of the CloudIA project are HFU staff and students runninge-Learning applications and external people for collaboration purposes. Therefore, inthis paper, we introduce our work in building CloudIA. More specifically, this papershows how our cloud offerings in each of the cloud service models, i.e. IaaS, PaaSand SaaS address the requirements and needs of e-Learning and collaboration in anuniversity environment. In addition, for PaaS and SaaS, our work interacts with Ama-zon for scalability and high-availability purposes.

The rest of this paper is organized as follows. Section 2 provides some related work,whereas Sect. 3 explains the CloudIA infrastructure. Section 4 shows the potentialusage of the CloudIA project by providing IaaS to HFU students and staff. Sections 5and 6 present PaaS and SaaS use case scenarios in HFU, respectively. Finally, Sect. 7concludes the paper and shows future work.

123

Private cloud for collaboration and e-Learning services: from IaaS to SaaS 25

2 Related work

Dong et al. [5] proposes the use of cloud computing as a base for modern e-Learningapplications. Hence, these applications can leverage cloud computing for dynamicassignable storage and compute resources. To realize this objective, the paper presentsa general and simple architecture with ad-hoc modules, such as monitoring, policyand provision. However, no concrete implementations and e-Learning scenarios arepresented. The CloudIA offerings, presented in this paper, demonstrate the feasibilityof cloud computing for e-Learning services. In addition, the CloudIA architecture (dis-cussed in Sect. 3) addresses other important functionalities for enabling an e-Learningecosystem in the cloud, such as authentication and integration with existing IT infra-structure, creation of customized on-demand virtual machines, and integration with apublic cloud provider.

BlueSky cloud framework [6], developed by Xi’an Jiaotong University (China),enables physical machines to be virtualized and allocated on-demand for e-Learningsystems. The BlueSky framework has similar architectural layers as the CloudIA pro-ject, such as layers dealing with physical resources, provisioning, monitoring, anduser interface. However, the BlueSky framework does not have a security layer likethe CloudIA architecture. Security plays a major role in ensuring user access policies,and enabling a trust among education providers and users. In addition, the BlueSkyframework only focuses on delivering IaaS, whereas the CloudIA project offer IaaS,PaaS and SaaS.

The Virtual Computing Laboratory (VCL) [1], developed by North Carolina StateUniversity (USA), enables students to reserve and access virtual machines (VMs) witha basic image or specific applications environments, such as Matlab and Autodesk.While the also VCL manages physical computing hardware, the CloudIA project con-centrates on virtual machines. Therefore, our work does not need any specific serverhardware or blade centers as a computing base. However, the VCL does not offercollaboration features such as CollabSoft (see Sect. 6). The VCL offers IaaS and PaaSplatforms which could then be used to host collaboration systems (SaaS) on top of it.

The Snow Leopard Cloud [7] provides PaaS for North Atlantic Treaty Organization(NATO) to run its various military exercises and mission events. In addition, SnowLeopard Cloud is used to run Web 2.0 applications, such as video teleconferencing,voice over IP, and remote management over handheld devices and terminals. As theSnow Leopard Cloud is targeted towards military usage, it has multi-level securityand the network infrastructure is encrypted. In the CloudIA project, high privacy andsecurity standards are respected by using a single-sign on approach.

In a business environment, the RESERVOIR project [8] proposes a modular andextensible architecture to support federation of cloud providers. In the RESER-VOIR model, the providers are independent and clearly separated into two roles, i.e.service and infrastructure. The service providers offer SaaS, whereas the infrastructureproviders offer IaaS. In contrast, our work does not have this distinction, since HFU,as a cloud provider, can offer both IaaS and SaaS. Moreover, the main focus of ourwork is to build a private cloud on an existing infrastructure. Thus, federation of cloudproviders is considered as a secondary objective.

123


The Google App Engine [9] provides a Java web framework. It is based on theservlet container Jetty and BigTable for data storage. Applications written for GoogleApp Engine are scaled automatically by Google. Similarities to the Servlet ContainerPlatform (SCP) in Sect. 5 are the uses of servlets. For the data storage CloudIA usesMySQL. The advantage of SCP is the complete support of the newest standards (e.g.Servlet 2.5 and JSP 2.1). Hence, existing servlet applications do not have to be rewrit-ten, since they use a SQL-compatible database, instead of Google’s BigTable. Thedisadvantage is not as scalable as Google applications.

3 Private cloud architecture: CloudIA

To harness the potentials of cloud computing for internal usages at the university,the Cloud Infrastructure and Application (CloudIA) project has been established. Themain objective of this project is to build a private cloud for the purpose of creatingon-demand infrastructures and running e-Learning applications, such as Servlet Con-tainer Platform (see Sect. 5) and on-demand Collaboration Software (CollabSoft) (seeSect. 6).

The CloudIA project is a joint collaboration between IT (IMZ) and ComputerScience (CS) departments at HFU. IMZ has a role in maintaining IT services in HFUand providing e-Learning services to HFU staff and students. Thus, IMZ plays animportant role in integrating CloudIA offerings into existing HFU’s IT infrastructure.

Figure 1 shows a general overview of our HFU’s private cloud architecture thatbuilds on top of an existing hardware infrastructure. It consists of three computerpools (PC Pool, Research Pool and Server Pool), that are located at dif-ferent locations and use separate IP subdomains within the university. The PC Poolhas 18 computers with Ubuntu operating system (OS) and KVM [10] installed, whereasthe other pools have Debian OS and Xen [11] configured. The PC and Server poolsare used by students and staff for teaching purposes during the day. In contrast, theResearch Pool is used for research and development purposes.

The pools are managed by a CloudIA’s Cloud Management System (CMS), asshown in Fig. 2. The CMS is divided into several layers for extensibility and main-tainability. However, the Monitoring and Management and Security components areincorporated across all layers to ensure high reliability and secured services. Thedescriptions of each layer are:

– User interface layer: This layer provides various access points to users and/oradministrators of the CMS in accessing our cloud system

– Business layer: This layer aims to regulate resource supply and demand throughthe use of economy (price) and Service-Level Agreements (SLA). In addition, thislayer enables users to reserve VMs in advance and manage their personal VMs

– System layer: This layer is responsible for daily operation of the CMS, such assubmitting jobs, managing user accounts and monitoring Quality of Service (QoS)

– Resource interface layer: This layer deals with the physical hardware. It pro-vides interfaces and plugins to various virtualization, database and distributed sys-tems as well as other technologies, such as Xen, Amazon EC2, Amazon S3, andNagios [12]

123


NetworkAttachedStorageIntel Xeon Processors

8 cores @ 2.00GHz

Cloud Management System

Research Pool

.

.

.access

Student

Tutor

Lecturer

access

access

Router

Switch

Router

Intel Xeon Processors4 cores @ 3.06GHz

Server Pool

Switch

AMD Athlon 64x2 4600+ Dual-Core @ 1.00 GHz

PC Pool

Switch

. . .

Fig. 1 Overview of the HFU’s private cloud architecture, CloudIA

ReservationManager

SLAManager

CapacityPlaner

Billing&

Accounting

SnapshotManager

ResourceCalendar

ConfigManager

Shibboleth

SecurityMonitoring&

Management

User InterfaceLayer

Business Layer

Resource Inferface Layer


JDBC Hadoop JMS Condor VMware Xen Nagios

JobSubmission

System Layer

FailureManagement

User AccountManager

QoSMonitoring

Persistence&

Checkpointing

LoadBalancer

ReplicationLife Cylce

Management

Amazon EC2Amazon S3

Desktop (RDP) Browser (http / https) cmd (ssh)

>_

Application (WS-*)

Fig. 2 Cloud management system of CloudIA

– Monitoring and management component: To ensure the reliability of each layer inthe cloud, a monitoring and management component is needed. Thus, this compo-nent allows the system administrator to monitor and to initiate activities of eachlayer. In case of failures, conflicts with SLA objectives, under- or over-utilizedresources

– Security component: To ensure the privacy, recovery, integrity and security ofuser data and transactions, a security feature on all layers is required. Besides the

123


technical solutions, issues in areas such as regulatory compliance and data auditingare important. Therefore, this component also addresses these issues

In this paper, we only focus on describing some components from the System andSecurity layers to address different needs of students and staff. Few components fromthe System layer, such as Job Submission and QoS Monitoring will be discussed inSect. 4, whereas the Shibboleth component of the System layer is explained next.Finally, the use of Amazon services, such as EC2 and S3 will be mentioned in Sect. 5.

3.1 Single sign-on using Shibboleth

To avoid multiple user managements, HFU bases their authentication systems on aSingle Sign-On (SSO) solution using Shibboleth [13]. This includes access to theCloudIA platform, and the collaboration and e-Learning services, such as SCP andCollabSoft. Therefore, we use Shibboleth for a seamless integration between thesecloud services and existing IT infrastructure.

Shibboleth’s main components are Identity Provider (IdP), Service Provider (SP)and Discovery Service for localization of the IdP. Federations can be build easily, wherea person authenticates through his/her home IdP and the authorization information isretrieved by the SP of that home IdP.

Shibboleth can be used for accessing the CloudIA platform. The example (Fig. 3)shows the sequence of calls using Shibboleth in a multi-tenant application (e.g. MediaWiki). One requirement of a Shibboleth architecture is that all SP present a valid cer-tificate. Since the name of the instance is mapped dynamically, the certificate of ainstance is set at runtime. Therefore, CloudIA has a pool of pre-created certificatesfor possible Service Providers.

Figure 3 explains the steps before a user can use a web service. (1) The adminrequests a web service to start at the CloudIA platform. (2) A VM with the installedweb service (e.g. wiki) is started. (3) The relevant SP certificate is copied to the VM(e.g. certificate SP1). (4) The Shibboleth configuration is processed (e.g. URL of thecustomers IdP is set). and (5). The web service is started. Now a Shibboleth enabledweb service is running. Next Shibboleth takes over and exchanges the meta data ofthe IdP and the SP. Note that the URL of the SP must be known by the IdP as “relyingparty”. (7) User calls service the first time. (8) The user must authenticate at his/herIdP, and if successful can then use the service.

3.2 Early experiences in building a cloud infrastructure

Currently, many organizations are building their own private clouds from their existinginfrastructure [3]. Our experiences and difficulties of building a cloud infrastructureare as follows:

– Internal IT policies: Our university has two departments which are responsiblein maintaining and managing IT resources, i.e. IT and Computer Science depart-ments. Each department has its own PC pools, data centers and secured network.Thus, with this separation, each department has their own firewall rules and IP

123


CloudIA

2. start VM3. set certificate4. config shibboleth5. start service

IdPcustomer

1. request to start service

6. transfer metadatafrom IdP to SP1 andvice versa

SP1

7. use service

8. authenticate

admin

user

Fig. 3 Using Shibboleth for a single sign-on solution on the CloudIA architecture

subnets. We found that this was an obstrution to building a cloud computing infra-structure using heterogeneous resources in the university. We later faced a problemof running out of IP addresses, due to the dynamic creation of virtual instances onthe host PCs that belong to same subnet. As the network plays a critical role inthe whole concept of cloud computing, an organization wanting to create a privatecloud needs to be wary of the IT policies and practices deployed across internaldivisions

– Running appropriate services and applications on the cloud: Hosting a particularservice or running a legacy application on the cloud can be counterproductive. Forexample it may slow the application down. In addition, it may consume the wholephysical resource and prevent other VMs from running. In our university’s timetable and room management software, TimeEdit [14] was tested on a VM onthe HP ESX server. Although the hardware specification meets the requirementof running several virtual instances, TimeEdit constantly consumed the avail-able resources. This is because the underlying database of TimeEdit could notbe efficiently run on a VM. Hence, it is important to monitor VM consumptionperiodically, and to run resource-intensive services and applications on dedicatedmachines

4 Infrastructure as a service: automatic creation of customized VMs

Each semester, lab exercises and practical projects require hardware with specificsoftware requirements for student projects. Fourth and sixth semester students ofBusiness Informatics and Computer Science faculties are required to take two practicalsemester projects in various topics such as designing and implementing new software

123


architectures, and evaluating new networking or programming techniques. Therefore,a big pool of project PCs (mostly state of the art hardware) needs to be provided bythe HFU’s IMZ. These project PCs are used throughout the semester and they need tobe maintained and re-configured every 6 months. This section shows that by offeringthese PCs as VMs, the CloudIA project helps IMZ improve productivity in managingvarious hardware and software requirements for the students’ projects.

4.1 VM creation

Instead of providing physical machines (e.g. server and desktop PCs), IMZ can provideVMs. For example, for networking exercises like routing labs or firewall configura-tion, each group needs multiple PCs to complete the exercise. VMs are suitable forthis purpose. However, the VMs need to be created, managed and monitored automat-ically. Thus a web front-end (see Fig. 4a) was developed, where students can login andcreate, suspend, or delete VMs using a wizard, according to their project demands.Per default, a maximum of three VMs per student with a total CPU time of 100 h persemester, and a maximum of 1GB RAM for each VM is set. Unique amongst to otherIaaS providers is the creation and monitoring of VMs in CloudIA. In comparison toother systems that provide customers with preconfigured virtual machine images, ourapproach allows users to decide which software should automatically get installedduring the VM’s creation time.

The creation of VMs is done using minimal operating system (OS) images (e.g.Debian Linux), and adds software packages on demand. To realize this approach, aFully Automatic Installation (FAI) [15] service has been included into the CloudIAplatform to provide the necessary services. Figure 5 shows the involved componentsof the automatic creation of customized VMs process. The major components are at

Fig. 4 CloudIA IaaS webfrontend: a Webfrontend to create/launch a virtual machine, b software packagetree (screen cutout)

123


JobSubmission

QoSMonitoring

System Layer

libvirt Nagios

User Interface Layer

GWTTomcat

Xen

VM

Host

DHCP FAI

1)

2)

3) 4) 5)

6) 7)

TFTP

5)

8)

9)

Resource Inferface Layer

Fig. 5 Automatic VM creation architecture

the resource interface layer, such as DHCP (by providing IPs), libvirt (an interface tomanage VMs), TFTP (for image transfer), and most importantly the FAI service (forimage creation).

The following steps describe the installation process of a new VM in a chronologi-cal order. The user who wants to create a new VM needs to access the CloudIA’s IaaScomponent through a web portal (1), as shown in Fig. 4a. Login is handled by Shib-boleth which authenticates against HFU’s identity system, i.e. OpenLDAP. The webportal provides a wizard to create new VMs. Common (virtual) machine’s parameterslike CPU, RAM size and hard disk size are asked before the user can choose softwarepackages from a software tree (Fig. 4b), which then gets automatically installed onthe VM. After finishing the wizard, an XML description of the new VM is createdand transferred via GWT-RPC to the Job Submission module of CloudIA (2). Themodule contacts a host database (3) to find a free (physical) host for the new VM anda corresponding IP address. The host database gets updated with the resources neededand an individual DHCP entry for the VM gets created on the DHCP server (4). TheJob Submission module forwards the XML description of the VM to the libvirt [16]module on the (physical) target host (5). According to the XML description, a VMgets created using the libvirt API.

The newly created VM boots with a network boot protocol (PXE) enabled. Then,the VM downloads a Linux kernel via a TFTP network from the FAI server (6).

123


The VM boots the kernel from memory. Hardware detection then takes place, the harddisk gets partitioned, and according to the chosen software packages, a correspond-ing FAI class gets contacted. This starts the automated installation of the necessarysoftware packages (7).

To reduce transfer time and network bandwidth consumption, the software packagesare downloaded from the university’s local software repository (e.g. a Debian mirror).In addition to the package installation, customized scripts are executed to change theVM’s root credentials, to delete temporary log and package files, and to inform the JobSubmission module about the completion of the installation (8). Afterwards, the VMboots off its local file system and is ready for the user. The Job Submission moduleinforms the web portal that the VM is available (9).

The details of the software configuration are stored in the configuration files onthe FAI install server. These configuration files are shared among groups (classes) ofcomputers. With this class concept, FAI does not care whether 10 or 100 VMs need tobe installed, aside from performance and latency effects [15]. Thus, there is no need tocreate a configuration file for every single VM. Since an updated mirror of software isused, new VMs are always at the actual patch level. From our experience, FAI offersa scalable method for installing customized software packages into the VMs.

4.2 Monitoring of virtual machines

A challenge of using VMs is that the infrastructure seems to be infinitely avail-able. While allocating physical hardware was considered very carefully, new virtualmachines are deployed less deliberately by administrators. This behaviour is supportedby the overbooking feature of physical hardware. However, this approach has disad-vantages as well. Physical hardware is still limited. Therefore, a monitoring componentis needed to provide quick overview about physical and virtual resources. Quality ofService (QoS) serves as an assurance of performance characteristics to individualapplications during runtime. Such characteristics can be CPU load, memory usageand network traffic. By monitoring these QoS parameters, IMZ ensures a certain levelof performance of the virtual infrastructure.

Monitoring for IMZ administrators: For monitoring the physical hosts, Nagios [12]is used. Its configuration allows the administration to be alerted via several communi-cation channels, e.g. via an e-mail when servers and services go into a critical stage,if a heavy load for a certain duration is recognized. Another advantage of Nagios isthat these hosts and services can be visualized through a web browser. NagiosGrapher[17], a plug-in for Nagios that displays the real-time data into an online chart, is usedto provide a real time overview of the infrastructure. A Simple Network ManagementProtocol (SNMP) is used to monitor the VMs with regards to CPU and memory usages,and network bandwidth. SNMP uses an UDP-based network protocol and thereforerequires an agent to be installed in each VM. The QoS Monitoring module of CloudIAacts as an SNMP master that periodically collects real-time information from agentsand stores the data into a monitor database. This enables IMZ administrators to moni-tor the existing infrastructure and also shows the utilization over larger periods of time.

123


This allows a better decision about the deployability if additional VMs are requiredfor a project.

Monitoring for cloud users: Compared to many other IaaS systems available on themarket, CloudIA shows the user about the progress of the installation until the VMis ready to use. For example, Amazon EC2 customers only get a “processing” status,without any further information. Using the FAI concept for automatic VM creation,the CloudIA system is able to present the user a more detailed status of the overallinstallation process. A prototype GUI pictured in Fig. 6 shows the different steps.Experiments show that an average VM installation time of 5 min can be achieveddepending on the amount of software which needs to be installed additionally onthe VM.

4.3 Advantages for the IMZ

Before using this approach, PCs were assigned among project groups at the beginningof each semester project. Changes to the number of projects in each semester makeit difficult to predict on how much hardware will be needed. Often hardware require-ments change throughout the project, so additional hardware may be needed. At theend of each semester project, PCs need to be collected and maintained. Maintenance ofthese PCs includes a functionality check of all components, secure wiping of installedsoftware, and new installation of a different OS.

An internal study shows that for each used project PC, this process takes up 15 minof an IMZ administrator’s time. This sums up to a considerable high amount depend-ing on how many project PCs were used. Using CloudIA’s IaaS module optimizesthis process to a total of 2 h work for an administrator for a complete semester. Sinceeligible students are able to create their own VMs, no additional hardware needs to beprovided. Due to the restriction of CPU hours, students are forced to use the infrastruc-ture in an economic and responsible manner. It also enables an overbooking of existinghardware, since the maximum possible number of VMs can be higher than physicalhardware exists. As a result, a better utilization of existing hardware is obtained.

For fixed exercises which are part of certain lectures from different faculties (e.g.routing labs), predefined VMs are provided. Thus, all attending students use the samedevelopment environment which is also known to the lecturer. Errors due to OS mis-configuration on missing software components or missing programming libraries canalso be avoided. For all other semester projects, the approach using FAI as an automaticVM creation mechanism provides the following advantages:

Fig. 6 Installation status provided by FAI

123


– Automatic management of software package dependencies– Up-to-date patch level of new installed systems– Low network load since VM images are created directly on the target host– Detailed information of VM creation status

5 Platform as a service: servlet container platform

Many programming courses at HFU require special programming environments forstudents. The proposed PaaS is a Servlet Container Platform (SCP) for HFU courses,such as middleware, Java frameworks, and web frameworks. Thus, this platform allowsstudents to develop, deploy and test their own applications in a servlet container, with-out the need of software installation and configuration.

In order to reduce a high learning curve for students, course coordinators can createVMs using the approach described in Sect. 4. For example, a VM image containingMySQL, Tomcat, PHP, and Apache web server is created. Since the VMs are run-ning in isolation, the IMZ administrator can integrate SCP easily by developing aweb front-end embedded in Online Learning And Training (OLAT) [18], a web-basedopen source Learning Management System (LMS) used by HFU, for authenticationpurposes.

After starting an instance in the SCP, students are able to reserve VMs, e.g. for 100 hwith predefined packages and software for their courses. To access these VMs, stu-dents login to the web portal, as shown in Fig. 7, using HFU’s SSO mechanism. Afterauthentication, the students are able to use servlet container VMs with the followingfunctionalities:

– Start and stop servlet container instances, since students can only use theseinstances for a limited amount of time. The time limitation is introduced to encour-age students to utilize SCP optimally and effectively

ServersDesktopPCs

NAS

Hochschule Furtwangen University (private Cloud)

.

.

.

EC2

S3

Amazon Web Services (public Cloud)

login

login

login

replication


Student

Tutor

Lecturer

AuthenticationModule

database

requestServletinstances

launchnew VMs

launchnew VMsget user

profile & data

Fig. 7 High level overview of running the servlet container in the cloud

123


– Save and delete snapshots of work. In this scenario, a snapshot refers to the Tom-cat and MySQL configuration details and data, such as *.war files and databasetables

– Start a VM based on a saved snapshot– Downloads of snapshots to a local hard disk. Thus, students only need to send their

snapshots to submit their exercise to an examiner

By default, servlet container instances are running on HFU’s private cloud. However,if there are not enough resources available, instances can be outsourced to a publiccloud, i.e. using Amazon’s small EC2 instances, as shown in Fig. 7. Currently, inter-nal IP and Amazon’s dynamic public DNS addresses are displayed in the web portal,to allow students to access Tomcat and MySQL through the Web. However, theseaddresses are no longer valid for new instances. In the future, a DNS server will beinstalled to enable the mapping of the internal IP and Amazon’s dynamic DNS of aVM to public names. Therefore, students can access their instances using the samewebsite address throughout semester.

Once the students stop or shutdown their instances, only their snapshots are saved.The VMs and/or Amazon Machine Images (AMIs) are deleted to save storage. There-fore, these snapshots are replicated between Amazon S3 and our internal storage. Inaddition, Amazon S3 stores a template AMI for the servlet container with the samebasic configurations as the VM hosted on HFU.

5.1 Advantages of servlet container platform

By having SCP as PaaS in the cloud, students can start working on their projects, insteadof spending time on installing a webserver, Tomcat and MySQL on their computers.The same scenario can also be applied to a tutor or lecturer in testing and markingthe students’ work. In addition, students can start a basic VM if they misconfigure theTomcat and/or MySQL configuration details.

The concept of SCP is similar to Google App Engine [9]. Both provide a servletcontainer. However, the major difference is the data storage. Google uses BigTable,whereas SCP uses MySQL. Our approach has an advantage where students can pro-gram their code with standard APIs (e.g. JDBC), instead of Google’s specific APIs.

Another advantage is that SCP can be used multiple times for students and stafffor different purposes, such as lab modules, projects, experiments, and teaching envi-ronments. Therefore, SCP as PaaS provides a fool-proof environment and enhancesthe e-Learning experience. In addition, SCP is easy to maintain and upgrade, sincesoftware updates and installations are needed only on the master VM. Moreover, SCPsupports high availability since VMs and data are replicated on both Amazon S3 andour internal storage.

Since SCP has been included into OLAT (see Sect. 6), IMZ can support studentsand staff through the use of thin clients, which enable the usage of higher comput-ing resources without purchasing new hardware. As a result, IT costs on hardwarepurchase, hardware maintenance, and administration can be reduced.

In addition, with this approach, IMZ can monitor the usage of SCP to control theuse of Amazon EC2 and to prevent miscellaneous access, since IMZ is reponsible for

123


the payment of Amazon services. Then, IMZ can charge VMs running on Amazon tothe appropriate faculties.

6 Software as a service: on-demand Collaboration Software (CollabSoft)

For e-Learning and lecture support, IMZ at HFU provides OLAT (Online LearningAnd Training). OLAT offers a flexible online course system expanded by the version-ing system Subversion (SVN) and a XMPP based instant messaging server (Jabber). InOLAT, it is very simple to setup collaboration environments (working groups) them-selves. Each user can create their own working groups and manage them easily byadding various functionalities, such as calendar, wiki, forum or chat.

Our experience at the HFU has shown that students adapted to the OLAT platformvery well. OLAT is used for organizing programming exercises and storing coursematerials, as a central project management platform and as a web-based blackboard toshare and discuss exercise solutions using wiki and forum functions. Figure 8 showsactive OLAT users over 1 month—consider that HFU has 4100 active students in total,distributed over three campuses.

6.1 The need for OLAT on-demand

Acknowledging the possibilities of the OLAT system, several faculties at the HFUstarted developing special requirements for this system for very special tasks. Forexample, the faculty of Product Engineering arranges a two-week OLAT-based onlineassessment center once every semester. Web-based exercises, quick tests and grouptasks are hosted in a special OLAT course which is only accessible by participants.To prohibit cheating, only this special course must be available in OLAT. After theassessment period, this OLAT installation gets shutdown until the following semester.

Another example is the HFU learning services department that organizes ane-Learning course with a final online exam once per semester. Therefore, a singleOLAT instance needs to be provided preventing cheating as mentioned earlier. Spe-cial events, like the 20-year celebration of the faculty of Digital Media, require a col-laboration and project management platform which can be OLAT. Using the existing

Fig. 8 Active monthly OLAT user in HFU

123


HFU-wide OLAT would require creation of user accounts for external project partnersas well. By providing a separate OLAT installation for this event, HFU students andemployees work in a known environment while external partner do not automaticallyget access to HFU internal OLAT courses.

It becomes clear that there is a high demand for OLAT systems aimed at a specialevent, existing only for a limited time. In contrast, installation and configuration ofan OLAT system takes a whole day done by an experienced OLAT administrator ofthe IMZ. Difficult parts include the initial connection to HFU’s LDAP [19] based userdirectory and adoption of HFU’s corporate design. Therefore, the on-demand Collab-oration Software (CollabSoft), developed by the IMZ, provides an on-demand OLATsystem installed in a VM with customized add-ons.

Figure 9 describes the architecture of a CollabSoft VM. The VM image contains anApache web server, the servlet container Tomcat with the OLAT software, a MySQLdatabase server, an instant messaging server and the versioning system Subversion.A PHP module connects the SVN and the service GUI. There are three differentpossibilities for the user management in CollabSoft:

– Direct administration is suited for a small number of users. The OLAT adminis-trator uses an administrator GUI to create/delete individual accounts

– Lightweight Directory Access Protocol (LDAP) is a common directory servicefor data management of identities. Due to the configuration at the beginning of anew CollabSoft instance, it is possible to integrate an existing LDAP server of anorganization by configuration of its URI. After authentication of the CollabSoftadministrator to the CloudIA platform and starting a CollabSoft instance, the userknown by the LDAP can access the instance

– Shibboleth: If an institution is member of a federation, such as DFN-AAI [20], itcan provide Single Sign-On (SSO) to the services of their member. Only minorconfiguration changes to the CollabSoft instance are necessary. Compliance withcommon rules and standards is guaranteed by the membership of the federation.Authentication and accesses to the respective service providers can be made to theIdentity Provider (IdP), the home organization. For a more detailed description seeSect. 3.1

PhP Module

Collab Soft VMInstantMessaging

Database

Subversion

OLATVM

ApacheWeb Server

Fig. 9 Collaboration Software (CollabSoft) running inside a virtual machine

123


6.2 CollabSoft performance evaluation

To evaluate the performance of CollabSoft in the HFU’s private cloud and its deploy-ability to a public cloud, a performance evaluation was done. A CollabSoft virtualmachine was deployed on a single cloud host in CloudIA. The same one was alsoexported to Amazon’s public cloud. Due to RAM limitations, large and extra largeAmazon instance were used. The hardware configuration of the hosts is listed inTable 1.

Table 1 Hardware Configuration for the CollabSoft Experiment

CloudIA instance Amazon

Large Extra large

No. of cores 8 2 4

CPU type (Intel(R) Xeon(R)) E5504 E5430 E5430

CPU freq. 2.00 GHz 2.66 GHz 2.66 GHz

Total mem (kB) 12,330,508 7,872,040 15,736,360

Fig. 10 JMeter screen shot of the test plan

Test Case No. Test Case Descriptiont1 go to start page (dmz)t2 logint3 calling home addresst4 usgin calendart5 using catalogt6 search for documentt7 search for demo courset8 using demo courset9 using SelfHTML

in demo courset10 using forum

in demo courset11 using content page

in demo courset12 using file dialog

in demo courset13 download 4MByte filet14 download 1MByte filet15 search for demo courset16 logoutt17 go to start page (dmz)

Fig. 11 JMeter test plan with index

123


After deployment, each CollabSoft instance was stressed with a customized bench-mark using Apache JMeter [21]. JMeter is designed to interactively create test plansfor a load test. The CollabSoft test plan pictured in Figs. 10 and 11 was used. It repre-sents a typical usage scenario of a user, e.g. login, search for a specific course, use thecourse, use a forum, up or download files, etc. All interactions have been done 1,000times with about 100 users.

The most important measurement for the user is the request/response time duringthe test. Figure 12 compares this measurement between the three different hardwareplatforms (CloudIA, Amazon Large, Amazon Extra large). It can be seen that at t2“login” and at t8 “using demo course” the response time of the CloudIA instance isslightly slower. This is an exception and can not be re-produced.

Overall, the experiment shows that at peak time, when the private cloud is fullyutilized, the CollabSoft can operate with acceptable response times even in Amazon.

6.3 Advantages of CollabSoft

With the CollabSoft VM image, the IMZ is now able to setup CollabSoft on the HFU’sprivate cloud architecture or any other public cloud provider in a matter of minutes bydefining essential configurations, such as an LDAP host, disk space and a logo. Themain strength of CollabSoft comes with the functionality of OLAT. The system is usedby students for on demand lab exercises and by researcher groups for collaborationpurposes (e.g. CMS).

Fig. 12 ReqResTimeAll

123


HFU faculties are using CollabSoft as general project management software. WithCollabSoft they are using a tool which they are used to and which follows the HFU’scorporate design. This optimizes the working experience and strengthens HFU’scollaboration with external partners. The latest project using a CollabSoft VM is anew HFU alumni platform.

Several German universities and established research organizations are organizedin an “Authentication and Authorization Infrastructure” (DFN-AAI). While they arephysically distributed within Germany (and no centralized user directory exists), mem-bers are able to login to a DFN-AAI enabled service using Shibboleth. With theflexibility of CloudIA and CollabSoft, IMZ is able to provide an IMZ wiki to shareinformation about common IMZ problems (every German university has an IMZ)and especially Shibboleth-related solutions. A DFN-AAI member can login to thewiki using his/her existing user name and password which gets validated through thetrust relation provided by Shibboleth. Since CollabSoft is fully Shibboleth-enabled, anew DFN-AAI collaboration service an be created within a couple of hours withoutimporting user-data from remote member-directory-services. Figure 13 shows a mapof all DFN-AAI members who are using the wiki.

Fig. 13 Map of German DFN-AAI member using IMZ wiki

123


The following list sums up the advantages of CollabSoft:

– Fast setup time of a new collaboration/project management environment– Uniform environment that follows a corporate design– Self adminstration by the user– No administration of single users is needed if using Shibboleth Only configuration

of access level by attributes and rules is required– No additional user management is necessary if used by HFU organizations due to

preconfigured connection to LDAP directory– Persistent storage of instances is possible due to snapshots of a CollabSoft VM

7 Conclusion and future work

This paper shows how cloud computing helps Hochschule Furtwangen University(HFU)’s IT department improve periodic IT tasks such as the management of projectPCs with a standard development environment for programming exercises. HFU’sprivate cloud architecture called Cloud Infrastructure and Application (CloudIA) wasexplained and its special issue of Single Sign-on (SSO) using Shibboleth has beenemphasized.

Unique amongst to other Infrastructure as a Service (IaaS) frameworks, CloudIAcreates a virtual machine by choosing a base image and post installing software pack-ages selected by the user on the fly. This approach gives high flexibility, saves diskspace, guarantees installation of newest software versions, and enables monitoringof the installation progress. The Platform as a Service (PaaS) approach is supportedby a Servlet Container Platform and is mainly used for study courses at the HFU.It has been integrated into HFU’s e-Learning management system with the supportof SSO. A successful collaboration application, Collaboration Software (CollabSoft),has been adapted to a Software as a Service (SaaS) model with support for differentauthentication technologies. Due to its flexibility, it is now possible to support heavydemands on a collaboration platform with an instant solution which HFU affiliates arealready familiar with.

This paper also presents a case for cloud computing where it can be used to sup-port collaboration and e-Learning services in a university environment—from IaaS toSaaS. Therefore, our work on cloud computing can be used as an example for otheruniversities to follow.

As for future work, further extensions of CloudIA’s IaaS systems are planned. Firsttrials indicate that users often choose a very similar configuration. Hence, it will bemore efficient to provide several templates and add individual software configura-tions to them. Furthermore, integration of different user management systems will bedeveloped to support connection to existing external user directories such as a partner’sLDAP server. Thus, CollabSoft could be offered to external parties as well. Finally,CloudIA’s monitoring module needs to be extended to support efficient Quality ofService (QoS) monitoring to optimize infrastructure usability in regards to the greenIT paradigm.

123


Acknowledgments The authors would like to thank the following people: Jonas Ambrus, Markus Joos,Bastian Lorenz, Daniel Neidig, Christoph Raible, Roman Rietsche, Nikolas Schaetzle, Patrick Straub,Daniel Weng, Lars Heppler and Manuel Gawol for their work on the development of the automatic virtualmachine creation environment. In addition, we would like to thank Joachim Saleyka for his efforts on theOLAT installation, and Patrick Brunner from the OLAT project at University of Zurich for providing uswith a JMeter template. We also would like to thank Firat Sahin for the web portal screenshots. Finally, wewould like to acknowledge Amazon’s Education Project for supplying us with research credits.

References

1. Vouk M, Averritt S, Bugaev M, Kurth A, Peeler A, Schaffer H, Sills E, Stein S, Thompson J (2008)Powered by VCL—using Virtual Computing Laboratory (VCL) Technology to Power Cloud Comput-ing. In: Proceedings of the 2nd international conference on the virtual computing initiative (ICVCI’08)

2. Foster I, Zhao Y, Raicu I, Lu S (2008) Cloud computing and grid computing 360-degree compared.In: Proceedings of the grid computing environments workshop (GCE’08), Austin, Texas, USA

3. Armbrust M, Fox A, Griffith R, Joseph AD, Katz R, Konwinski A, Lee G, Patterson D, Rabkin A,Stoica I, Zaharia M (2009) Above the clouds: a Berkeley view of cloud computing. Technical ReportUCB/EECS-2009-28, University of California at Berkeley

4. Amazon Web Services (2009) AF83 Case Study. http://aws.amazon.com/solutions/case-studies/af83/5. Dong B, Zheng Q, Yang J, Li H, Qiao M (2009) An E-learning ecosystem based on cloud computing

infrastructure. In: Ninth IEEE international conference on advanced learning technologies, ICALT2009, pp 125–127

6. Dong B, Zheng Q, Qiao M, Shu J, Yang J (2009) BlueSky cloud framework: an e-learning frameworkembracing cloud computing. In: Proceedings of the 1st international conference on cloud computing(CloudCom 2009), Beijing, China

7. Cayirci E, Rong C, Huiskamp W, Verkoelen C (2009) Snow leopard cloud: a multi-national educationtraining and experimentation cloud and its security challenges. In: Proceedings of the 1st internationalconference on cloud computing (CloudCom 2009), Beijing, China

8. Rochwerger B, Breitgand D, Levy E, Galis A, Nagin K, Llorente I, Montero R, Wolfsthal Y, ElmrothE, Caceres J, Ben-Yehuda M, Emmerich W, Galan F (2009) The RESERVOIR model and architecturefor open federated cloud computing. IBM Syst J 53(4):4:1–4:11

9. Google App Engine (2010) http://code.google.com/appengine/10. Qumranet (2006) KVM—White Paper. http://www.linux-kvm.org/11. Barham P, Dragovic B, Fraser K, Hand S, Harris T, Ho A, Neugebauer R, Pratt I, Warfield A (2003)

Xen and the art of virtualization. In: Proceedings of the 19th ACM symposium on operating systemsprinciples (SOSP’03), New York, USA

12. Nagios (2010) The industry standard in IT infrastructure monitoring. http://www.nagios.org/13. Shibboleth (2010) http://shibboleth.internet2.edu/14. TimeEdit (2010) http://www.timeedit.com/15. FAI (2010) Fully automated installation. http://www.informatik.uni-koeln.de/fai/16. Libvirt (2010) The virtualization API. http://libvirt.org/17. NagiosGrapher (2010) https://www.nagiosforge.org/gf/project/nagiosgrapher/18. OLAT (2010) Online learning and training. http://www.olat.org/19. Zeilenga K (ed) (2006) Lightweight directory access protocol (LDAP): technical specification road

map (RFC4510). http://tools.ietf.org/html/rfc451020. DFN-AAI (2010) Deutsches Forschungsnetz Federation. https://www.aai.dfn.de/21. JMeter (2010) Apache JMeter. http://jakarta.apache.org/jmeter/

123

http://aws.amazon.com/solutions/case-studies/af83/

http://code.google.com/appengine/

http://www.linux-kvm.org/

http://www.nagios.org/

http://shibboleth.internet2.edu/

http://www.timeedit.com/

http://www.informatik.uni-koeln.de/fai/

http://libvirt.org/

https://www.nagiosforge.org/gf/project/nagiosgrapher/

http://www.olat.org/

http://tools.ietf.org/html/rfc4510

https://www.aai.dfn.de/

http://jakarta.apache.org/jmeter/

private cloud for collaboration and e-learning...

Documents